An online scammer stole $93,000 from the Massachusetts Clean Energy Center, according to an audit released Monday by Massachusetts Auditor Suzanne Bump.

The Massachusetts Clean Energy Center, or MassCEC, is an independent governmental agency that funds programs and helps Massachusetts grow its clean energy economy.

According to the audit, a cyberscammer was able to get an official at MassCEC to wire $93,679 in public money to an account controlled by the scammer on Jan. 9, 2017. MassCEC discovered the theft Feb. 3, but only informed its board of directors in September.

The audit found that MassCEC did inform the attorney general's office and the Boston Police Department about the theft, but did not file a formal criminal complaint.

The agency was able to recover $25,261.

Bump wrote that if the agency officially requested police help or told its board sooner, it is possible that more money could have been recovered and the board could have made suggestions on how to prevent problems from happening again. Bump also noted that MassCEC did not have adequate policies in place to mitigate the risks of cybercrime and to require notification of the board of directors.

The MassCEC responded to the audit that the agency immediately contacted its bank and recovered the $25,000. Management also reviewed its internal processes and put in place new controls around wire transfers - for example, installing software that blocks known fraudulent websites.

The agency also said it had notified its board chairman and chairman of the audit committee about the theft in July 2017. MassCEC committed to taking more timely action in the future to notify the board of any theft and to notify the FBI in cases of cybercrime.

"The threats of cybercriminals are real and growing. It is imperative that both public and private sector entities take steps to reduce their risk of becoming a victim of these bad actors," Bump said in a statement. "While the funds that were stolen will likely never be recovered, I commend MassCEC for bolstering their defenses against this type of crime and hope that this incident spurs other entities to assess the adequacy of the policies, procedures and other protections they have in place to prevent these types of cyberattacks."

Craig Gilvarg, a spokesman for MassCEC, said in a statement, "The Massachusetts Clean Energy Center takes seriously its responsibility as a steward of public funds and, upon discovering a fraudulent wire transfer in February 2017, immediately engaged in a comprehensive internal review and implemented a number of new processes - including enhanced IT security measures and financial controls - designed to identify fraudulent activity and prevent theft."

"With these procedures in place, MassCEC will continue to work diligently to support the state's vibrant clean energy sector, creating quality jobs and economic activity for the people of Massachusetts while helping the Commonwealth meet its ambitious clean energy and climate goals," Gilvarg said.